Privacy Policy

Last updated: 10 July 2026

This Privacy Policy explains how HealthTracker.Fit ("the app", "we", "us") collects, uses, stores, shares, and protects your information when you use our Android application. We take the privacy of your health data seriously. This policy is written to meet the requirements of Malaysia's Personal Data Protection Act 2010 (PDPA) and to respect GDPR-style data-protection rights for users in other regions.

Not medical advice. HealthTracker.Fit is a wellness and self-tracking tool. It is not a medical device and does not diagnose, treat, or provide medical advice. Always consult a qualified healthcare professional about your health.

1. Who we are

HealthTracker.Fit is operated by Two Quarters Ventures. For any privacy question or to exercise your rights, contact us at hello@healthtracker.fit.

2. What data we collect

We only collect what the app needs to work. This includes:

CategoryExamples
AccountEmail address, and (if you sign in with Google) your Google account email and basic profile. A display name if you provide one.
Health & fitness dataFood and calorie logs, macros, body weight, water intake, exercise, fasting sessions, supplements and dose-adherence records, and blood-test / lab marker values you enter or photograph.
Profile & goalsOptional body metrics you enter (age, sex, height, weight, activity level) and your calorie/macro goals, used to calculate targets and reports.
Photos you takePhotos of meals, supplement labels, and lab reports that you choose to capture for analysis.
Technical dataA device attestation token (Firebase App Check) and standard crash/diagnostic information used to keep the service secure and reliable. We do not use advertising identifiers, and the app contains no third-party ad networks.

We do not collect your precise location, contacts, or browsing history.

3. How we use your data

We do not sell your personal data, and we do not use it for advertising or profiling unrelated to the app's features.

Where GDPR-style rules apply, we rely on:

Under Malaysia's PDPA, we process your personal data on the basis of your consent and to fulfil the service you have requested.

5. Who we share data with

We share data only with the service providers (data processors) needed to run the app:

ProviderPurposeWhat is shared
Google Firebase (Google LLC)Authentication, database (Firestore), file storage, cloud functions, app securityYour account, health data, and photos, stored in your own protected account space
Anthropic (Claude AI)Analysing photos you take of meals, supplement labels, and lab reports; writing the narrative in your Health ReportThe image or figures for that specific request only (see section 6)
USDA FoodData CentralFood nutrition searchYour search terms only — no personal or health data
Open Food FactsBarcode and product lookupThe barcode or product query only — no personal or health data
Google Drive (optional)Backing up your generated report PDFs, only if you turn it onYour report PDFs, to your own Google Drive (see section 7)

We may also disclose data if required by law, or to protect the rights, safety, or property of our users or us.

6. AI photo & document analysis

When you use AI photo food logging, supplement-label scanning, or lab-report reading, the image you capture is sent securely to Anthropic's Claude AI service to extract the relevant information (for example, the foods in a meal or the markers on a lab report). This happens only for the specific request you initiate.

Anthropic processes the request to return a result and, per its API terms, does not use data submitted through its API to train its models. We send the minimum needed for the feature and do not attach your identity to the request beyond what is technically required.

7. Optional Google Drive backup

You can optionally connect Google Drive so your generated Health Report and Lab Report PDFs are automatically saved to your own Drive. This is off by default and only happens if you turn it on and grant permission.

Our use of Google Drive complies with the Google API Services User Data Policy, including its Limited Use requirements.

8. Where your data is stored & how it is secured

Your data is stored in Google Firebase's secure cloud infrastructure. We protect it with:

No system is perfectly secure, but we design the app to use the least access necessary and to keep your health data protected.

9. Retention & deletion

We keep your data for as long as your account exists. You can delete your account from within the app at any time (Settings → Delete account). Deleting your account permanently erases your profile and all associated health data — food logs, weights, water, exercise, fasting, recipes, favourites, lab reports, generated reports, and supplement records — from our systems.

Files you previously chose to back up to your own Google Drive are yours; account deletion does not remove them from your Drive, and you can delete them there yourself.

10. Your rights

Depending on where you live, you have the right to:

To exercise any right, email hello@healthtracker.fit. You also have the right to lodge a complaint with your local data-protection authority.

11. Children

HealthTracker.Fit is not directed at children under 13 (or the minimum age of digital consent in your country). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date above and, for material changes, provide notice in the app. Continued use after changes take effect means you accept the updated policy.

13. Contact us

Questions, requests, or complaints about your privacy? Email us at hello@healthtracker.fit and we will respond as promptly as we can.